IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



UTILITY PATENT APPLICATION FOR: 

HYBRID AND PREDICTIVE ADMISSION 
CONTROL STRATEGIES FOR A SERVER 



Inventors: 

Ludmila CHERKASOVA 
1338 Elsona Drive 
Sunnyvale, CA 94087 

Peter PHAAL 
1639 - 9th Ave. 
San Francisco, CA 94122 



HP Docket No. 10981520-2 



HYBRID AND PREDICTIVE ADMISSION CONTROL STRATEGIES 

FOR A SERVER 



BACKGROUND OF THE INVENTION 

1. Field of Invention 

The present invention relates generally to the field of servers and pertains 
more particularly to a system for providing reliable client/server sessions by 
controlling the admission of arriving messages to a server. 

2. Discussion of the Prior Art 

Servers are commonly employed for sharing of information among large 
numbers of computer systems or similar devices. A computer, system or similar 
device that communicates with a server is usually referred to as a client of the server 
and the server is often part of a host system. A client and a host typically exchange 
messages via a communication network using a predetermined protocol. Such 
protocols are usually arranged in a client/host model in which a requesting client 
transfers a request message to a host and the host in turn takes an appropriate action 
depending on the content of the request message. Typically, the appropriate action 
for the request message includes the transfer of a response message to the requesting 
client. 

Prior protocols typically do not allow for the establishment of a persistent 
session between the client and the host in the traditional sense in which a local 
terminal establishes a session on a computer system. Instead, any session-like 
information is usually implied in the content of the messages exchanged between the 
client and the host. Such a communication protocol may be referred to as a 
"stateless" protocol. Such stateless protocols include protocols associated with 
Internet communication including the Internet Protocol (IP), the User Datagram 
Protocol (UDP), the Simple Mail Transfer Protocol (SMTP), and the Hypertest 
Transfer Protocol (HTTP), as well as the Network File System (NFS) Protocol. 
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A client that accesses a host commonly engages in an extended transaction 
with the host. Such an extended transaction typically involves the exchange of 
multiple messages between the client and the host. For example, an NFS client 
typically issues multiple request messages to an NFS server while retrieving a file 
from the NFS server. Similarly, an HTTP client typically issues multiple request 
messages to an HTTP server while browsing through web pages contained on the 
HTTP server. Such transactions that involve the exchange of multiple messages 
between a client and a server are hereinafter referred to as sessions. 

Servers commonly have a large pool of potential clients which may issue 
request messages. For example, an HTTP server connected to the world-wide-web 
has potentially millions of clients from which it may receive request messages. Prior 
servers that are adapted for stateless protocols typically respond to each request 
message in the order in which it is received, that is, on a first-come-first-served basis 
regardless of the source of the request message. 

In the present context, the term "quality of service" refers both a host's ability 
to provide quick response to a message and to complete an entire session. As a 
particular host becomes more popular, and due to that popularity receives more 
messages, the host's processing resources can become stretched. For example, due to 
heavy traffic, a host may not be able to respond to a message at all, or the hosx may 
not provide a timely response which can cause a client to "time-out" and generate an 
error. Poor quality of service can have significant results, as users may become 
frustrated and simply give up trying to reach a particular host, or the sponsor of the 
host may lose sales or fail to communicate needed information to any or all clients. 

Two techniques are generally used to alleviate quality of service problems. 
First, more processing capacity can be added to the host, typically by either replacing 
the host with another, more powerful computer, or by providing multiple computers 
in parallel and delegating new messages to different ones of the multiple computers. 
While this first technique presents an effective way of reducing some quality of 
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service problems, it is not always practical. For example, sometimes, due to 
inadequate planning, budgetary constraints or space constraints, additional processing 
capacity simply cannot be added. Other times, if demand for a host is not properly 
forecast, there may be a long lead time before additional processing capacity can be 
purchased and implemented. 

A second technique calls for applying "admission control," where only a 
certain set number of client messages are processed ("admitted") and the remainder 
are refused. Of the messages which are in fact admitted, all are ideally handled in an 
expedient manner without degradation of quality of service as to those admitted 
messages. An advantage of this technique is that admission control can be 
implemented in software, thus facilitating quick, inexpensive vise with little advance 
notice. Unfortunately, typical admission control mechanisms operate by admitting 
messages on a message-by-message basis, and so, these typical admission control 
techniques do not provide an adequate solution for multiple-message sessions. Also, 
the messages which are not admitted to the host are generally not handled at all, such 
that a client is not informed that the request has been refused or the client, if 
informed, is simply asked to "try again later." Typically, a refused client must try 
repeatedly to obtain service with no guarantee that future requests will be processed. 
For these reasons and others, techniques generally used to alleviate quality of service 
problems are not always successful. 

A definite need exists for an admission control system having an improved 
ability to alleviate quality of service problems. In particular, a need exists for an 
admission control system which responds to all messages, whether or not those 
messages are actually admitted. Ideally, such system would operate by admitting 
entire sessions, not just individual messages, such that messages relating to a session 
in-progress are generally admitted. With a system of this type, admission control 
would at least provide a reliable means of finishing each session with high quality of 
service. Finally, a need exists for a system that provides some level of service to all 
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clients, including those which have been refused admission. The present invention 
solves these needs and provides further, related advantages. 

SUMMARY OF THE INVENTION 

An admission control system for a server is disclosed including an admission 
controller that receives a stream of messages from one or more clients targeted for 
the server. The admission controller relays to the server the messages in the stream 
that correspond to a number of sessions already underway between the clients and the 
server. The admission controller also relays to the server the messages in the stream 
that do not correspond to sessions already underway if a hybrid and predictive 
admission control strategy using information provided by a resource monitor indicates 
that additional sessions can be handled by the server. The admission controller 
defers the messages otherwise. 

BRIEF DESCRIPTION OF THE DRAWING 

The above and other objects and advantages of the present invention will be 
more readily appreciated from the following detailed description when read in 
conjunction with the accompanying drawing, wherein: 

FIG. 1 is a block diagram of an admission control system that provides 
reliable sessions between clients and a server; 

FIG. 2 is a flow diagram of the processing of arriving messages by the 
admission controller in one embodiment of the present invention; 

FIG. 3 is a block diagram of example configurations of web servers that 
employ the admission control techniques of the present invention; and 
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FIG. 4 is a block diagram of the application of the admission control 
techniques of the present invention to a proxy server. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

5 

A purpose of the present invention is to provide improved quality of service 
of a server through hybrid and predictive admission control strategies. Turning first 
to FIG. 1, a block diagram of an admission control system 10 that provides reliable 
sessions between clients (not shown) and a server 12 is shown. The admission 
10 control system 10 includes the server 12, an admission controller 14, a resource 

monitor 16, and a deferral manager 18. The admission controller 14 processes a 
/;:: stream of arriving messages 20 from clients into a stream of accepted messages 22 

□ and a stream of unaccepted messages 24. The accepted messages 22 are passed on to 

„ the server 12 and the unaccepted messages 24 are passed on to the deferral manager 

V$ 18. It is important to note that there is a practical limit to the number of messages in 

the stream of arriving messages 20 for a given time interval. That is, only a finite 
number of messages can be captured for processing by the admission control system 
\'Z 10. Any messages that are sent by clients but do not become part of the stream of 

O arriving messages 20 are referred to as refused connections. Refused connections 

20 often result in aborted sessions. Refused connections are handled according to the 

applicable protocol. 

The server 12 represents any server that processes request messages using a 
stateless protocol in which clients do not establish persistent sessions with the server. 
25 In one embodiment, the server 12 is a web server that processes request messages 

from web clients using the HTTP. In another embodiment, the server 12 is a NFS 
server that processes request messages from NFS clients using the NFS protocol. In 
other embodiments, the server 12 may be adapted to the IP, the UDP, or the SMTP, 
to name a few examples. 

30 
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The server 12 includes resources (not shown) that are involved in the 
servicing of the arriving messages 20. These resources include, for example, one or 
more processors or central processing units (CPUs), various types of memory and 
storage subsystems, and network communication subsystems. 

The resource monitor 16 monitors the utilization of the resources in the server 
12 that are involved in the servicing of the accepted messages 22 and provides the 
admission controller 14 with indications of the utilization of the resources. These 
indications or metrics inform the admission controller of whether sufficient resources 
are available in the server to provide an adequate level of service to new sessions. 

In one embodiment, the resource monitor 16 measures the CPU utilization in 
the server 12. In another embodiment, the resource monitor measures the utilization 
of the network pathway for the accepted messages 22 to the server. In a further 
embodiment, the resource monitor measures the utilization of a storage subsystem, 
such as a disk drive, of the server. In still another embodiment, the resource monitor 
16 measures the percentage of aborted client requests as an indication that the level 
of service is unsatisfactory. In an additional embodiment, the resource monitor 
measures the percentage of new sessions refused as an indication that the server 12 is 
overloaded. In yet another embodiment, the resource monitor generates a combined 
metric for use by the admission controller 14 that takes into account a number of the 
above metrics. 

The admission controller 14 receives the stream of arriving messages 20 
which are targeted for the server 12. Each of the arriving messages specifies a client 
request for the server. Each client request implies an action to be taken by the server 
in accordance with the predetermined communication protocol which the server 
processes. 

The admission controller 14 processes individual ones of the arriving 
messages 20 based upon the indications provided by the resource monitor 16 and a 
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determination of whether the arriving messages correspond to sessions already 
underway with the server 12. In one embodiment, a transaction list 26 identifies any 
session underway between the server and a requesting client. The admission 
controller compares client source indications contained in the arriving messages to 
entries in the transaction list to determine whether the arriving messages correspond 
to sessions underway. In another embodiment, the admission controller determines 
whether the arriving messages correspond to sessions underway by detennining 
whether valid transaction identifiers are contained in the arriving messages. 

The admission controller 14 accepts the ones of the arriving messages 20 that 
correspond to sessions underway. In addition, the admission controller accepts the 
ones of the arriving messages that do not correspond to existing sessions if the 
resource monitor 16 indicates that there are sufficient resources in the server 12 to 
adequately process a new session. 

The server 12 receives and processes each of the accepted messages 22 in the 
order received at the server. A stream of completed messages 28 represents the 
actions taken by the server in response to the accepted messages. For example, the 
completed messages may contain response information to be transported to the 
requesting clients that originated the corresponding accepted messages. 

The deferral manager 18 handles the unaccepted messages 24 which were 
blocked by the admission controller 14. In one embodiment the deferral manager 
transfers the unaccepted messages as a stream of deferred messages 30 to another 
server (not shown) that replicates the functionality of the server 12. For example, if 
the server is a web server then the deferral manager redirects the deferred messages 
to another web server, often called a mirror site, that performs the same function as 
the web server 12. 

In another embodiment wherein the server 12 is a web server, the deferral 
manager 18 transfers response messages back to the requesting web clients which 
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indicate that a bonus or incentive is available if the deferred request is retried at a 
later time. For example, if the web server provides a sales transaction to requesting 
web clients, then the deferred messages 30 are targeted for the deferred requesting 
clients and may contain encoded information that provides the client with a discount 
on a later purchase. 

In another embodiment, the deferral manager 1 8 directs the deferred messages 
30 to another server that enables the deferred web client to reserve a future time 
interval for access to the server 12. Alternatively, the server may provide a function 
that enables the deferred web client to reserve a future time. In addition, the deferral 
manager may transfer a response message to the deferred client that indicates that the 
request is being deferred. 

Turning now to FIG. 2, a flow diagram of the processing of the arriving 
messages 20 by the admission controller 14 in one embodiment of the present 
invention is shown. The arriving messages include a new request message, and 
processing begins at block 32. At decision block 34, the admission controller 14 
examines a client source indication in the new request message to determine whether 
the new request message corresponds to an entry in the transaction list 26. If the 
new request message corresponds to a session that is identified in the transaction list, 
then processing proceeds to block 42 where the new request message is passed on to 
the server 12 as one of the accepted messages 22. 

In one embodiment, the client source indication is an IP address in the new 
request message that specifies its source. Correspondingly, the entries in the 
transaction list 26 contain the IP addresses of clients of the server 12 that are 
involved in sessions. The admission controller 14 compares the IP address contained 
in the new request message to the IP addresses stored in the transaction list 26 at 
decision block 34. If a match is detected then processing proceeds to block 42. 
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In another embodiment, the client source indication is a transaction identifier 
in the new request message. Correspondingly, the entries in the transaction list 26 
contain transaction identifiers. At decision block 34, the admission controller 14 
determines whether a transaction identifier is contained in the new request message 
and compares that transaction identifier, if present, to the transaction identifiers stored 
in the transaction list 26 and processing proceeds to block 42 if a match is detected. 

Returning to decision block 34, if the new request message does not 
correspond to a transaction identified in the transaction list 26 then processing 
proceeds to decision block 36. At decision block 36, the admission controller 14 
determines whether sufficient resources are available in the server 12 to adequately 
service a new session. The determination at decision block 36 is made based upon 
indications provided by the resource monitor 16 and will be discussed in further 
detail below. In general, utilization of the resources of the server 12 are measured at 
regular intervals. If the utilization rises above a specified threshold, then for the next 
time interval, the admission controller 14 will reject all new sessions and service only 
existing sessions. Once the utilization falls below the given threshold, then for the 
next time interval, the admission controller 14 will admit new sessions again while 
continuing to service existing sessions. 

If there are insufficient resources to adequately sustain a new session at 
decision block 36, then at block 38 the admission controller 14 passes the new 
request message to the deferral manager 18 as one of the unaccepted messages 24. 
Otherwise at block 40, the admission controller creates a new entry in the transaction 
list 26. Thereafter, at block 42,. the admission controller passes the new request 
message on to the server 12 as one of the accepted messages 22. 

In one embodiment at block 40, the admission controller 14 creates a new 
entry in the transaction list 26 and writes the IP address of the new request message 
into the new entry of the transaction list In another embodiment, the admission 
controller creates a new entry and writes a new transaction identifier into the new 
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entry of the transaction list 26. The new transaction identifier may be returned to the 
requesting client that originated the request message as a "cookie" or may be returned 
to the requesting client in a hidden field of an HTTP form. 

The entries in the transaction list 26 identifying sessions remain valid until the 
end of the corresponding session. A session ends and the corresponding entry in the 
transaction list is cleared when a new client request message corresponding to that 
session is not received by the admission controller 14 during a predetermined time- 
out interval. In addition, a session ends at a point in the session defined by the 
server 12. For example, if the server 12 is a web server which provides an item 
purchase function then the session ends and its entry is cleared from the transaction 
list 26 when a message is received from the client indicating the confirmation of the 
purchase. 

There are two desirable properties for the processing of the arriving messages 
20 by the admission controller 14. The first is that the admission control process be 
responsive, that is, that the process aims to minimize the number of aborted sessions 
and to achieve higher levels of service at the expense of slightly lower session 
throughput. A responsive process leads to a more restrictive admission controller 14. 
The second is that the admission control process be stable, that is, that the process 
aims to minimize the overreaction to utilization changes with the benefit of slightly 
higher session throughput. A stable process leads to a less restrictive admission 
controller 14. If the utilization of the resources of the server 12 during the previous 
time intervals is consistently high and exceeds the threshold, then a responsive 
admission control process is very desirable to reject newly arriving messages 20 as 
soon as possible. However, if the utilization of the resources of the server 12 during 
the previous time intervals is consistently below the threshold with occasional brief 
bursts of utilization, then a stable admission control process is very desirable to 
maximize session throughput. As one can see, these two properties are somewhat 
contradictory and a hybrid admission control process is a desirable achievement. 
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Formally, the admission control process is defined by a number of parameters 
including the admission control utilization threshold Uth which establishes the critical 
server utilization level at which the admission control process becomes more 
restrictive. Hie server utilization is measured at regular intervals where the intervals 
are 77, T2,..., 77,... and their length is the admission control interval length ACil. For 
example, ACil might be one second so the server utilization is measured every 
second. The server utilization measured during the i-th interval Ti is Umea r An 
admission control function is used to evaluate the observed server utilization 
Uobs M where 



and k is a damping coefficient between 0 and 1 and is called the admission control 
weight coefficient. 

The observed server utilization is used to determine the admission control 
process of the admission controller 14. If Uobs M is greater than Uth, then for the 
next time interval Ti+1, the admission controller 14 will reject all new sessions and 
service only existing sessions. If Uobs M is less than or equal to Uth, then for the 
next time interval Ti+1, the admission controller 14 will admit new sessions again 
while continuing to service existing sessions. 

The value of the admission control weight coefficient k in Eq. 2 creates a 
range of admission control processes which cover the spectrum from responsive to 
stable. If k is equal to one, then the admission control process is based entirely on 
the server utilization measured during the last interval and is called responsive. If k 
is equal to one tenth (0.1), then the admission control process is influenced by server 
utilization measured over all of the prior intervals and the influence of the last 
interval is limited. This is called stable. As expected, a responsive admission control 
process leads to more restrictive admissions and achieves a better level of service but 
at the price of a higher percentage of new sessions refused as an result of the server 
being overloaded. Likewise, a stable admission control process achieves better 



facQ+V = (1-*) *f ac (f) * k * Ume* 



Eq. 1 
Eq. 2 
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throughput in the utilization range of eighty five to one hundred and twenty percent 
but at the price of a higher percentage of aborted client requests as a result of the 
unsatisfactory level of service. Based on these observations, a self-tunable admission 
control process called a hybrid was developed. 

Further parameters that define the admission control process include the 
number of refused connections Re(i) and the number of aborted requests Ab(i) 
accumulated during the interval Ti. It is assumed that Ab(i) is directly related to 
server service levels and not to external factors on the client end such as a computer 
crash. External factors should be discounted from Ab(i). If the sum of Re(i) and 
Ab(i) is greater then zero then the process needs to be made more responsive. If the 
sum of Re(i) and Ab(i) is equal to zero then either the system is not overloaded or 
the process is perfectly balanced between responsive and stable during server 
overload. This balance is the ideal state for the system to operate in and results in 
the best quality of service. 

The preferred hybrid process begins with k equal to one. Then for any time 
interval Ti where the sum of Re(i) and Ab(i) is greater than zero, k is made equal to 
one for the next time interval Ti+L Recall that this results in the most responsive 
admission control process. However, this may not be the most balanced process and 
so at intervals the process is evaluated for possible adjustment to a less responsive 
process. At an evaluation interval, if the sum of Re(i) and Ab(i) was equal to zero 
for ail of the previous time intervals since the previous evaluation interval, then k is 
reduced by a predetermined amount, for example 0.1. Recall that k is limited to 
having a value greater than or equal to zero so k cannot be reduced below zero. It is 
preferred that the evaluation intervals be separated by the number of time intervals 
that it takes tq complete an average session known as an admission control cycle. 
The admission control cycle can be approximated by measuring an inter request time, 
that is the time it takes for the system to respond in addition to the time it takes for 
the client to evaluate the response and place a new request, multiplied by an average 
session length in number of requests. 



HP Docket No. 10981520-2 



An alternative to the hybrid process would be for the process not to return 
immediately to k equal to one upon the first sign of overload. Instead, for any time 
interval Ti where the sum of Re(i) and Ab(i) is greater than zero, k is increased by a 
predetermined amount, for example 0.1, for the next time interval 27+/. Recall that 
k is limited to having a value less than or equal to one so k cannot be increased 
above one. 

A further alternative to the hybrid process would be for the process not to 
consider the summation of Re(i) and Ab(i) but to consider one or the other parameter 
individually. This may however result in a less accurate picture of the utilization 
levels of the server depending on the circumstances. 

The hybrid admission control process outlined above has a potential problem 
that one might want to address. The problem is that if the hybrid process determines 
that it can handle new sessions then it allows all new sessions presented to it in the 
next time interval. If the server is near full resource utilization, then it is possible 
that too many new sessions may be presented in the next time interval for the amount 
of resources that remain. The result is that the hybrid process allows the server to 
become overloaded when that is exactly what it is supposed to prevent. One way to 
address this problem is to allow something less than all of the new sessions 
presented. This may be a fixed maximum number, for example up to 10. or a fixed 
percentage, for example one-half. A further refinement would be to estimate the 
number of new sessions that the server can handle with the remaining resources and 
only admit that many new sessions in the next time interval. Based on this 
observation, an alternative to the hybrid admission control process, called predictive, 
was developed and is presented below. 

It is important for one to realize that in order to correctly estimate the number 
of sessions that a server is able to process per time interval, one must take into 
consideration the session rejection overhead. Even though a session may be rejected, 
this act takes up some fractional portion of the resources of the system. Under 
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certain conditions this can add up to a significant amount and will reduce the number 
of sessions that can be completed. Under the most extreme conditions, the session 
rejection overhead may theoretically be so great so as to prevent any sessions from 
being completed. 

In order to account for the session rejection overhead, a number of parameters 
that define the admission control process need to be measured or calculated. Among 
these is a server capacity in requests Sir which is the number of requests per time 
interval that a server can sustain. Next is the length, in requests rather then time, of 
an average completed session SesLength which is the average number of requests for 
a session. These values can be measured directly. Calculated from these two as the 
result of Sr divided by SesLength is a server capacity in sessions Ss which is the 
maximum number of sessions per time interval that a server can complete. The 
actual number of sessions applied to the server per time interval is equal to the 
product of Ss and Load where, for example, Load would be equal to two if the 
applied number of sessions was twice the server capacity in sessions. The actual 
number of sessions applied to the server per time interval is also equal to the sum of 
the number of rejected sessions per time interval x and the number of completed 
sessions per time interval y. These values can be measured directly. Based on these 
parameters, the session rejection overhead can be calculated. 

One should realize that from the perspective of the admission control system 
there are two types of sessions. The first is the completed session which has an 
average length of SesLength. The second is the rejected session which is equivalent 
to processing one request. Thus the number of requests per time interval handled by 
the system is defined in the following way: 

y * SesLength + x - Sr . Eq. 3 

Using the relationships described above, y can be expressed in the following way: 

Load * Sr 

y - -=—z - x . Eq] 4 

SesLength ^ 
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Replacing y in Eq. 3 with Eq. 4 and solving for x, one finds the following: 

x= Sr * (Load-l) £q 5 

SesLength-l 

Finally, the number of rejected sessions x divided by the server capacity in requests 
Sr is the fractional number of rejections per time interval and can be expressed as a 
percentage in the following way: 

RejectionPercentage - 100 * — Load-l — £q 6 

SesLength-l 

As reflected in Eq. 6, the rejection overhead depends on the average session length 
and the applied load. As a result, the shorter the average session length and the 
higher the applied load, the greater the rejection overhead. 

Once the rejection overhead is calculated, one is able to predict the number of 
sessions that the server is able to handle per time interval. The relationship is 
derived by replacing x in Eq. 4 with Eq. 5 and rearranging, resulting in the 
following: 

y = — * (SesLength-Load) 

SesLength * (SesLength-l) ' q ' 

Based on the calculation of the number of sessions that the server is able to complete 
per time interval, a predictive admission control system will only process new 
sessions for the amount of resources that it has available. One will realize that this 
prediction is not without risk because the prediction for the next time interval is 
based on data from the current time interval including the applied load and a running 
average of the session length. Either or both of these may not prove true for the next 
time interval. Under certain conditions the admission control system may still allow 
too many new sessions in the next time interval and allow the server to become 
overloaded. Nevertheless, the prediction should usually be better than simply 
allowing all new sessions in the next time interval. 
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Turning now to FIG. 3, a block diagram of example configurations of web 
servers that employ the admission control techniques of the present invention are 
shown. A set of web browsers 44, 46, and 48, and a pair of web servers 50 and 52 
are shown coupled for communication via a network 54. In addition, a pair of web 
servers 56 and 58 are shown coupled for communication over a local network 60. A 
gateway 62 enables communication between the network 54 and the local network 
60. 

The web browsers 44, 46, and 48 transfer HTTP requests via the network 54 
and are potential web clients to the web servers 50, 52, 56, and 58. Each HTTP 
request from the web browsers 44, 46, and 48 contains a Universal Resource Locator 
(URL), referred to as an "address," that targets one of the web servers 50, 52, 56, and 
58. The network 54 routes each HTTP request to either the web server 50 or 52, or 
the gateway 62, depending on the particular URL contained in the request. 

The web server 50 is augmented with software elements that provide 
functionality of the admission controller 14, the resource monitor 16, and the deferral 
manager 18. The deferral manager 18 in the web server 50 redirects deferred client 
request messages to the web server 52. The web server 52 may be a mirror site to 
the web server 50 or may implement special web server software for handling the 
deferred client requests as previously described. The resource monitor 16 in the web 
server 50 may employ the services of an operating system under which it executes to 
obtain metrics such as CPU, network, or storage subsystem utilization. 

In one embodiment, the web server 50 generates transaction identifiers to 
identify any of the web browsers 44, 46, and 48 to which sessions are underway. 
The web server 50 may transfer the transaction identifiers to the web browsers 44, 
46, and 48 as cookies in response messages to the web browsers. The cookies may 
be encoded and may have an expiration date and time. The web browsers 44. 46. 
and 48 include the cookies which they were allocated in subsequent request messases 
to the web server 50 and the admission controller 14 in subsequent request messages 
when determining whether to admit the subsequent request messages. 
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Alternatively, the web server 50 may transfer transaction identifiers to the web 
browsers 44, 46, and 48 as hidden fields in forms contained in response messages to 
the web browsers. The web browsers submit the forms including hidden transaction 
identifiers with subsequent request messages to the web server 50 and the admission 
controller 14 compares the transaction identifiers contained in submitted forms when 
deciding whether to admit the subsequent request messages. 

The gateway 62 functions as a communication gateway between the network 
54 and the local network 60 that connects to the web servers 56 and 58. The web 
servers 56 and 58 each may provide a different web server function. Alternatively, 
the web servers 56 and 58 taken together may provide a single web server function. 

The gateway 62 is augmented with software elements that provide the 
functionality of the admission controller 14, the resource monitor 16, and the deferral 
manager 18. The resource monitor 16 in the gateway 62 monitors the resources of 
both of the web servers 56 and 58 via the local network 60. The admission 
controller 14 in the gateway 62 receives arriving messages targeted for the web 
servers 56 and 58 from the web browsers 44, 46, and 48. The admission controller 
14 in the gateway 62 relays the arriving messages that correspond to sessions already 
underway onto the appropriate one of the web servers 56 and 58 if the resource 
monitor 16 indicates that sufficient resources are available in the appropriate web 
server 56 and 58 to adequately handle additional sessions. 

The web browsers 44, 46, and 48 may be embodied as separate computer 
systems that execute web browser software or as one computer system executing 
multiple web browser applications or any combination thereof. The web browsers 
may be also be embodied as network computers with web browser capability or 
television components with web browsing capability. 

Turning now to FIG. 4, a block diagram of the application of the admission 
control techniques of the present invention to a proxy server is shown. The proxy 
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server 64 enables access to a network 66 by a set of computer systems 68, 70, and 72 
coupled to a local network 74. For example, the network 66 may represent the 
world-wide-web of the Internet that enables access to a web server 76 and the 
computer systems 68, 70, and 72 may belong to a large organization and be 
connected via an internal organization network or local area network. 

The proxy server 64 receives a stream of client request messages from the 
computer systems 68, 70, and 72 which are targeted for destinations on the network 
66 such as the web server 76. 

The proxy server 64 maintains a transaction list 26 that identifies which of the 
computer systems 68, 70, and 72 have sessions underway with a destination on the 
network 66. In one embodiment, the transaction list 26 in the proxy server 64 
records network addresses on the local network 74 for the computer systems 68, 70, 
and 72. 

The proxy server 64 also contains a resource monitor 16 for monitoring the 
CPU and storage subsystem utilization in the proxy server, the network utilization in 
the proxy server, and the network utilization on both the network 66 side and the 
local network 74 side. The proxy server also contains an admission controller 14 that 
passes request messages from the computer systems 68, 70, and 72 onto the network 
66 if the client request messages correspond to sessions identified in the transaction 
list 26 of the proxy server. In addition, the admission controller 14 in the proxy 
server passes client request messages from computer systems 68, 70, and 72 not 
identified in the transaction list 26 if the resource monitor 16 in the proxy server 
indicate that sufficient resources are available to allow another session to be 
established. 

While the invention has been illustrated and described by means of specific 
embodiments, it is to be understood that numerous changes and modifications may be 
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made therein without departing from the spirit and scope of the invention as defined 
in the appended claims. 
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